Computer Is So Slooooooow

Deucehearts

By Deucehearts,
in Malware Removal

 Share Followers 0

Recommended Posts

Deucehearts

Deucehearts

Posted
Posted

My friends computer is really slow. I tried running Adaware, Spybot and several online scans without any success at all. Everytime I tried running a scan the computer would freeze up and have to be restarted. I was only on the computer for 30 min and pop ups where all over the place. So here is the Hijack log. Help me if you can thanks.

Logfile of HijackThis v1.99.1

Scan saved at 8:36:01 PM, on 9/5/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\windows\system32\ibfeqdx.exe

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\WINDOWS\system32\NORMANANTIVIRUS.EXE

C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

C:\windows\system32\p6oM.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\system32\RUNDLL32.exe

C:\windows\system32\ebEyB.exe

C:\windows\system32\15BRJLsg.exe

C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\system32\igmger.exe

C:\WINDOWS\system32\r?gsvr32.exe

C:\WINDOWS\system32\iearsa16.exe

C:\PROGRA~1\AIM\aim.exe

C:\WINDOWS\SYSTEM32\ebEyB.exe

C:\Program Files\rdso\eetu.exe

C:\WINDOWS\system32\QtrgRbne.exe

C:\WINDOWS\system32\LnaqyU35.exe

C:\Program Files\Aprps\CxtPls.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\LimeWire\LimeWire.exe

C:\WINDOWS\system32\cdmweb\iexxathnrd.exe

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.uwlax.edu/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pollserver.interpolls.com/cache/hbo...musicmatch.html

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll

O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\Program Files\Aprps\plg0\cxtpls.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: BolgerObj Class - {302A3240-4805-4a34-97D7-1645A0B08410} - C:\WINDOWS\Bolger.dll

O2 - BHO: (no name) - {63BC0E56-AFAC-E056-BE0E-ED55058EE7A4} - C:\WINDOWS\system32\nnq.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\system32\nvms.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EF717B91-C20B-BD84-2050-CE09F61122C0} - C:\WINDOWS\system32\entopksa.dll

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O2 - BHO: (no name) - {FCCCEE28-7B98-4690-8C5A-083FB8E1E0C8} - C:\WINDOWS\system32\cdmweb\iexxathnrd.dll

O2 - BHO: (no name) - {FEE418EA-BC48-FEB0-0E01-F88408AF71A1} - C:\WINDOWS\system32\vdyraudm.dll (file missing)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [Norman Antivirus] NORMANANTIVIRUS.EXE

O4 - HKLM\..\Run: [q4BhRv8] C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

O4 - HKLM\..\Run: [p6oM] C:\windows\system32\p6oM.exe

O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\system32\Cyf0o.exe

O4 - HKLM\..\Run: [Wvzp.exe] C:\windows\system32\Wvzp.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe

O4 - HKLM\..\Run: [EbatesMoeMoneyMaker0] "C:\Program Files\Ebates_MoeMoneyMaker\EbatesMoeMoneyMaker0.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [ebEyB.exe] c:\windows\system32\ebEyB.exe

O4 - HKLM\..\Run: [15BRJLsg] C:\windows\system32\15BRJLsg.exe

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

O4 - HKLM\..\Run: [NaviSearch] C:\Program Files\NaviSearch\bin\nls.exe

O4 - HKLM\..\Run: [cqmshny] c:\windows\system32\tyzwef.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [wssi3nV] igmger.exe

O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe

O4 - HKLM\..\Run: [hghxmtk] c:\windows\system32\ibfeqdx.exe r

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [uzmrz] C:\WINDOWS\system32\r?gsvr32.exe

O4 - HKCU\..\Run: [hB3sRhZ8T] iearsa16.exe

O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl

O4 - HKCU\..\Run: [Aida] C:\Program Files\rdso\eetu.exe

O4 - HKCU\..\RunOnce: [Norman Antivirus] NORMANANTIVIRUS.EXE

O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)

O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/tri...Transporter.cab?

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: BullGuard XComm (XCOMM) - Unknown owner - C:\WINDOWS\SYSTEM32\xcommsvr.exe (file missing)

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Hi and Welcome,

Let's get you cleaned up! First thing I'm going to have you do is download and run ewido.

Please download ewido security suite it is a trial version of the program.

  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen

You will need to update ewido to the latest definition files.

  • On the left hand side of the main screen click update
  • Then click on Start Update

The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update ewido.

ewido manual updates

Boot into safemode to do this keep tapping F8 on your keyboard while your PC is starting up you will get a menu select safemode.

Open Ewido again

  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.

Now close ewido security suite.

Reboot and Post the report Ewido made and a new Hijackthis log here in a reply.

Good luck! :thumbsup:

B

Link to post
Share on other sites
DumbTerminal

DumbTerminal

Posted
Posted

Hi DueceHearts

You should just take the advice given here, and abandon your thread at G4

As far as I know, all of the qualified log readers have left G4's tech forum.

You also shouldn't cross post HJT logs, because the log readers have no way of knowing what you may have already done, therefore your computer can get screwed up.

I'll post at G4 also

Link to post
Share on other sites
Deucehearts

Deucehearts

Posted
  • Author
Posted

Sorry its been awhile but here it goes. Here are my two scans, Hijack Log first and then the ewido scan results.

Logfile of HijackThis v1.99.1

Scan saved at 10:20:27 PM, on 9/7/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.exe

c:\windows\system32\nhpkqt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {63BC0E56-AFAC-E056-BE0E-ED55058EE7A4} - C:\WINDOWS\system32\nnq.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EF717B91-C20B-BD84-2050-CE09F61122C0} - C:\WINDOWS\system32\entopksa.dll

O2 - BHO: (no name) - {FCCCEE28-7B98-4690-8C5A-083FB8E1E0C8} - C:\WINDOWS\system32\cdmweb\iexxathnrd.dll (file missing)

O2 - BHO: (no name) - {FEE418EA-BC48-FEB0-0E01-F88408AF71A1} - C:\WINDOWS\system32\vdyraudm.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [q4BhRv8] C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

O4 - HKLM\..\Run: [Wvzp.exe] C:\windows\system32\Wvzp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [cqmshny] c:\windows\system32\tyzwef.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: BullGuard XComm (XCOMM) - Unknown owner - C:\WINDOWS\SYSTEM32\xcommsvr.exe (file missing)

Ewido results:

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

+ Created on: 10:19:23 PM, 9/7/2005

+ Report-Checksum: 97F18FF3

+ Scan result:

[760] VM_00D60000 -> Adware.BetterInternet : Error during cleaning

[1192] c:\windows\system32\nhpkqt.exe -> Adware.BetterInternet : Error during cleaning

:mozilla.6:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup

:mozilla.7:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Com : Cleaned without backup

:mozilla.15:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup

:mozilla.16:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup

:mozilla.18:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup

:mozilla.19:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@clickagents[1].txt -> Spyware.Cookie.Clickagents : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Internetfuel : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Coremetrics : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@overture[1].txt -> Spyware.Cookie.Overture : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Liveperson : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][2].txt -> Spyware.Cookie.Webtrendslive : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\molly@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup

C:\Documents and Settings\Molly\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\1E4.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\2.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\Cookies\molly@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\Cookies\molly@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\installer_MARKETING39.exe -> TrojanDownloader.Adload.a : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\nst42.EXE -> Spyware.SmartPops : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\q4BhRv8.exe -> Spyware.WinFetcher : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\TFT\aurareco.exe -> Adware.BetterInternet : Cleaned without backup

C:\Documents and Settings\Molly\Local Settings\Temp\YQT\aurareco.exe -> Adware.BetterInternet : Cleaned without backup

C:\Program Files\Aprps\CxtPls.dll -> TrojanDownloader.Apropo.ah : Cleaned without backup

C:\Program Files\WeirdOnTheWeb\weirdontheweb.exe -> Spyware.WeirWeb : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP514\A0107890.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP515\A0107906.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108004.exe -> Trojan.Agent.cp : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108005.exe -> Trojan.Agent.cp : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108009.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108016.exe -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108017.exe -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP516\A0108030.dll -> TrojanDownloader.Apropo.ad : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP517\A0108046.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP517\A0108073.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP517\A0108074.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP517\A0108075.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP517\A0108076.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0108079.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0108987.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0108990.exe -> TrojanDownloader.Apropo.ac : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109009.exe -> Trojan.Agent.cp : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109010.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109011.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109012.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109013.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP518\A0109017.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP519\A0109018.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP519\A0109021.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP519\A0109022.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP519\A0109992.exe -> Trojan.Agent.cp : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP519\A0109995.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0109998.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0109999.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110000.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110002.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110003.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110005.exe -> TrojanDownloader.Apropo.g : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110007.exe -> Spyware.AproposMedia : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110009.dll -> TrojanDownloader.Apropo.ad : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110017.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110018.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110019.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110020.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110021.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110022.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110023.exe -> TrojanDownloader.Intexp.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP520\A0110024.exe -> Trojan.Imiserv.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110031.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110054.dll -> TrojanDownloader.Apropo.ah : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110061.exe -> TrojanDownloader.Intexp.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110987.exe -> TrojanDownloader.Apropo.ac : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110988.exe -> TrojanDownloader.Agent.ed : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110989.exe -> TrojanDownloader.Agent.ed : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110990.exe -> TrojanDownloader.Apropo.ac : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0110996.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0111015.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0111016.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0111017.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP521\A0111019.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP522\A0111024.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP522\A0111029.exe -> Trojan.Imiserv.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP522\A0111031.dll -> TrojanDownloader.Apropo.ah : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0111042.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0111987.exe -> TrojanDownloader.Agent.ed : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0111988.exe -> TrojanDownloader.Agent.ed : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0111989.exe -> TrojanDownloader.Apropo.ac : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0111995.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP523\A0112001.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP524\A0112008.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP524\A0112992.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP524\A0112995.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP526\A0113006.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113030.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113035.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113036.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113043.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113044.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP528\A0113053.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP529\A0113062.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP530\A0114053.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP530\A0114058.dll -> TrojanDownloader.Apropo.ah : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP530\A0114059.dll -> TrojanDownloader.Apropo.ah : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP530\A0114066.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP531\A0114069.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP531\A0114072.dll -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP531\A0114073.exe -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP532\A0114077.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP532\A0115048.exe -> TrojanDownloader.Apropo.ac : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP532\A0115054.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP532\A0115061.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP533\A0115062.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP533\A0115080.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP533\A0115081.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP534\A0115086.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP535\A0116080.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP535\A0116083.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP536\A0116091.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP536\A0117080.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118080.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118081.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118086.exe -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118087.exe -> TrojanDownloader.Intexp.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118088.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP537\A0118095.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119095.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119096.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119097.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119098.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119107.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119110.dll -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119115.dll -> Spyware.ImiBar : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119122.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0119123.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0120122.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0120127.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0120134.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0120135.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP539\A0120138.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP541\A0121134.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP541\A0121137.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP542\A0121147.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP542\A0122134.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP542\A0122135.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP542\A0122139.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP543\A0122143.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP543\A0122149.exe -> TrojanDownloader.PurityScan.y : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP543\A0122157.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP543\A0122158.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP543\A0122163.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0122166.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0123157.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0123160.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0124159.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0124163.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP544\A0124164.exe -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP545\A0124177.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124251.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124253.dll -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124273.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124288.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124291.exe -> Spyware.CashBack : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124292.exe -> Spyware.CashBack : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124294.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124295.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124313.sys -> Trojan.Rootkit.Agent.af : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124321.dll -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124328.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124329.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP546\A0124333.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP547\A0124341.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP548\A0125325.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP548\A0125334.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0125337.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0125345.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0126345.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0126346.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0126356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP549\A0126359.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP550\A0126370.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP550\A0127356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP550\A0127360.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP550\A0128356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP550\A0128357.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP551\A0128363.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP551\A0129356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP551\A0129359.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0129374.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0130356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0130359.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0131356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0132356.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0132365.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0132366.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP552\A0132369.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP553\A0132378.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP554\A0133378.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP554\A0134378.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP555\A0134384.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP555\A0134407.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP555\A0134408.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0135407.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136407.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136408.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136409.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136410.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136413.dll -> Spyware.PurityScan : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP556\A0136419.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP557\A0136432.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP557\A0136433.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP557\A0136437.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP558\A0136441.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP558\A0137432.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP558\A0137436.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP559\A0137456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP559\A0137461.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP560\A0137472.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0137479.exe -> Spyware.AproposMedia : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0137480.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0137481.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0137482.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0138456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0138459.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0139456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP561\A0139462.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP562\A0139469.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP562\A0140456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP562\A0140461.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP563\A0140464.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP563\A0141456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP563\A0141463.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0141469.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0142456.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0142457.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143453.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143454.exe -> TrojanDownloader.Apropo.g : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143457.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143458.exe -> Spyware.ConsCorr : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143459.dll -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143460.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143461.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143462.exe -> Trojan.Imiserv.c : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143463.dll -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143465.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143466.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143467.exe -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143468.exe -> TrojanDownloader.Agent.ro : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143469.vxd -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143470.srg -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143471.dll -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143472.dll -> Spyware.BargainBuddy : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143479.dll -> Spyware.Suggestor : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143481.sys -> Trojan.Rootkit.Agent.af : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143484.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0143489.exe -> Adware.BetterInternet : Cleaned without backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144487.exe -> Adware.BetterInternet : Cleaned without backup

C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned without backup

C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned without backup

C:\WINDOWS\Downloaded Program Files\mp3.exe -> Dialer.Generic : Cleaned without backup

C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned without backup

C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned without backup

C:\WINDOWS\kewzsxclmts.exe -> Adware.BetterInternet : Cleaned without backup

C:\WINDOWS\mhlshbg.exe -> Adware.BetterInternet : Cleaned without backup

C:\WINDOWS\SYSTEM32\15BRJLsg.exe -> Spyware.WinFetcher : Cleaned without backup

C:\WINDOWS\SYSTEM32\AOLMessenger.exe -> Backdoor.SdBot : Cleaned without backup

C:\WINDOWS\SYSTEM32\cdmweb\iexxathnrd.dll -> Spyware.SmartPops : Cleaned without backup

C:\WINDOWS\SYSTEM32\cdmweb\iexxathnrd.exe -> Spyware.SmartPops : Cleaned without backup

C:\WINDOWS\SYSTEM32\Cyf0o.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\WINDOWS\SYSTEM32\ebEyB.exe -> Trojan.Agent.az : Cleaned without backup

C:\WINDOWS\SYSTEM32\Hsyfa.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\WINDOWS\SYSTEM32\HyperLinker2.exe -> Spyware.iSearch : Cleaned without backup

C:\WINDOWS\SYSTEM32\igmger.exe -> Spyware.Apropos : Cleaned without backup

C:\WINDOWS\SYSTEM32\LnaqyU35.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\WINDOWS\SYSTEM32\NormanAntivirus.exe -> Backdoor.Spyboter : Cleaned without backup

C:\WINDOWS\SYSTEM32\p6oM.exe -> Spyware.WinFetcher : Cleaned without backup

C:\WINDOWS\SYSTEM32\QtrgRbne.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\WINDOWS\SYSTEM32\rеgsvr32.exe -> Spyware.PurityScan : Cleaned without backup

C:\WINDOWS\SYSTEM32\Wvs4.exe -> TrojanDownloader.VB.em : Cleaned without backup

C:\WINDOWS\SYSTEM32\__delete_on_reboot__nhpkqt.exe -> Adware.BetterInternet : Cleaned without backup

::Report End

thanks everyone once again.

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Ok, looking much better! B)

Please download Nailfix from here:

http://www.noidea.us/easyfile/file.php?dow...050515010747824

Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in Safe Mode by doing the following:

1) Restart your computer

2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.

3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

http://www.pchell.com/support/safemode.shtml

Once in Safe Mode, please double-click on Nailfix.cmd. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Next please run HijackThis, click Scan, and check:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

Close all open windows except for HijackThis and click Fix Checked.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Good luck! :thumbsup:

B

Link to post
Share on other sites
Deucehearts

Deucehearts

Posted
  • Author
Posted

OK here are the new scans. Computer works a million times better already.

Logfile of HijackThis v1.99.1

Scan saved at 1:42:08 PM, on 9/9/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {63BC0E56-AFAC-E056-BE0E-ED55058EE7A4} - C:\WINDOWS\system32\nnq.dll (file missing)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {EF717B91-C20B-BD84-2050-CE09F61122C0} - C:\WINDOWS\system32\entopksa.dll

O2 - BHO: (no name) - {FCCCEE28-7B98-4690-8C5A-083FB8E1E0C8} - C:\WINDOWS\system32\cdmweb\iexxathnrd.dll (file missing)

O2 - BHO: (no name) - {FEE418EA-BC48-FEB0-0E01-F88408AF71A1} - C:\WINDOWS\system32\vdyraudm.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [q4BhRv8] C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

O4 - HKLM\..\Run: [Wvzp.exe] C:\windows\system32\Wvzp.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [cqmshny] c:\windows\system32\tyzwef.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: BullGuard XComm (XCOMM) - Unknown owner - C:\WINDOWS\SYSTEM32\xcommsvr.exe (file missing)

---------------------------------------------------------

ewido security suite - Scan report

---------------------------------------------------------

+ Created on: 1:40:24 PM, 9/9/2005

+ Report-Checksum: 2833E941

+ Scan result:

:mozilla.10:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.11:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.12:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup

:mozilla.25:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup

:mozilla.26:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

:mozilla.27:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup

:mozilla.28:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup

:mozilla.29:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.30:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.31:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.32:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.33:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup

:mozilla.36:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.37:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

:mozilla.38:C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\7tsiwbgn.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144488.dll -> TrojanDownloader.Apropo.ah : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144489.exe -> Spyware.WeirWeb : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144490.exe -> Adware.BetterInternet : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144491.exe -> TrojanDownloader.Intexp.d : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144492.dll -> Spyware.Hijacker.Generic : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144493.exe -> Trojan.Imiserv.c : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144494.exe -> Adware.BetterInternet : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144495.exe -> Adware.BetterInternet : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144496.exe -> Spyware.WinFetcher : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144497.exe -> Backdoor.SdBot : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144498.dll -> Spyware.SmartPops : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144499.exe -> Spyware.SmartPops : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144500.exe -> TrojanDownloader.VB.em : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144501.exe -> Trojan.Agent.az : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144502.exe -> TrojanDownloader.VB.em : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144503.exe -> Spyware.iSearch : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144504.exe -> Spyware.Apropos : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144505.exe -> TrojanDownloader.VB.em : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144506.exe -> Backdoor.Spyboter : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144507.exe -> Spyware.WinFetcher : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144508.exe -> TrojanDownloader.VB.em : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144509.exe -> Spyware.PurityScan : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144510.exe -> TrojanDownloader.VB.em : Cleaned with backup

C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP564\A0144514.exe -> Adware.BetterInternet : Cleaned with backup

::Report End

Link to post
Share on other sites
Besttechie

Besttechie

Posted
Posted

Ok, let's finish this off!

First unhide hidden files and folders, for more help on to do that follow the link below:

http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5

Then open HJT and have it fix the following:

O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)

O2 - BHO: (no name) - {63BC0E56-AFAC-E056-BE0E-ED55058EE7A4} - C:\WINDOWS\system32\nnq.dll (file missing)

O2 - BHO: (no name) - {EF717B91-C20B-BD84-2050-CE09F61122C0} - C:\WINDOWS\system32\entopksa.dll

O2 - BHO: (no name) - {FCCCEE28-7B98-4690-8C5A-083FB8E1E0C8} - C:\WINDOWS\system32\cdmweb\iexxathnrd.dll (file missing)

O2 - BHO: (no name) - {FEE418EA-BC48-FEB0-0E01-F88408AF71A1} - C:\WINDOWS\system32\vdyraudm.dll (file missing)

O4 - HKLM\..\Run: [q4BhRv8] C:\documents and settings\molly\local settings\temp\q4BhRv8.exe

O4 - HKLM\..\Run: [Wvzp.exe] C:\windows\system32\Wvzp.exe

O4 - HKLM\..\Run: [cqmshny] c:\windows\system32\tyzwef.exe

Then boot to Safe Mode, if you don't know how to boot to Safe Mode look here for more help:

http://www.pchell.com/support/safemode.shtml

Now from Safe Mode delete the following files/folders in red (if present)

C:\WINDOWS\dsr.dll <-- delete the file

C:\WINDOWS\system32\nnq.dll <-- delete the file

C:\WINDOWS\system32\entopksa.dll <-- delete the file

C:\WINDOWS\system32\cdmweb\iexxathnrd.dll <-- delete the folder and everything in it

C:\WINDOWS\system32\vdyraudm.dll <-- delete the file

C:\documents and settings\molly\local settings\temp\q4BhRv8.exe <-- delete the file

C:\windows\system32\Wvzp.exe <-- delete the file

c:\windows\system32\tyzwef.exe <-- delete the file

Then reboot, back into normal mode and post a new log.

Good luck! :thumbsup:

B

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Followers 0
Go to topic listing